Point to Trusty instance via an environment variable #1401

Merged (1 commit) on Nov 2, 2023

@jhrozek jhrozek commented Nov 2, 2023

To make sure we're talking to the right trusty instance through the
k8s service name.

jhrozek commented Nov 2, 2023

```
$ helm template just-a-test deployment/helm | grep -C 4 TRUSTY
walk.go:74: found symbolic link in path: /Users/jakub/devel/mediator/deployment/helm/config.yaml.example resolves to /Users/jakub/devel/mediator/config/config.yaml.example. Contents of linked file included and used
          - name: "MEDIATOR_AUTH_TOKEN_KEY"
            value: "/secrets/auth/token_key_passphrase"
          - name: "MEDIATOR_IDENTITY_SERVER_CLIENT_SECRET_FILE"
            value: "/secrets/identity/identity_client_secret"
          - name: "MEDIATOR_UNSTABLE_TRUSTY_ENDPOINT"
            value: "http://pi.pi:8000"

          # ko will always specify a digest, so we don't need to worry about
          # CRI image caching
```

jhrozek commented Nov 2, 2023

and a test in cluster:

```
curl -v 'http://pi.pi:8000/pi/v1/report?package_name=urllib3&package_type=pypi' | head
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0*   Trying 172.20.246.184:8000...
* Connected to pi.pi (172.20.246.184) port 8000 (#0)
> GET /pi/v1/report?package_name=urllib3&package_type=pypi HTTP/1.1
> Host: pi.pi:8000
> User-Agent: curl/7.76.1
> Accept: */*
>
  0     0    0     0    0     0      0      0 --:--:--  0:00:03 --:--:--     0* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< date: Thu, 02 Nov 2023 11:17:16 GMT
< server: uvicorn
< content-length: 8048
< content-type: application/json
<
{ [8048 bytes data]
100  8048  100  8048    0     0   2247      0  0:00:03  0:00:03 --:--:--  2246
* Connection #0 to host pi.pi left intact
{"package_name":"urllib3","package_type":"pypi","package_data":{"id":"e4ac84ae-e313-5c7a-bb73-b79a1e317721","status":"complete","status_code":null,"name":"urllib3","version":"2.0.6","author":"","author_email":"Andrey Petrov <andrey.petrov@shazow.net>","package_description":"\"\\n\\n![urllib3](https://github.com/urllib3/urllib3/raw/main/docs/_static/banner_github
```

@jhrozek jhrozek merged commit 534e861 into mindersec:main Nov 2, 2023
12 checks passed
jhrozek added a commit that referenced this pull request Nov 4, 2023
… a constant instead (#1473)

When we first developed the Trusty evaluator, we had a configurable
Trusty endpoint which we used to both talk to the API endpoint and to
construct the HTTP URL to link to a package alternative.

Nowadays, we use the name/namespace of the k8s service to contact trusty by
default (See PR #1313 and #1401), but that means our PR replies were
pointing to `http://pi.pi:8000` as well.

Instead, let's use the new prod/staging constants to add an HTTP URL of a
Trusty instance and point to that.

Since Trusty is a hosted service only, let's just use a constant.
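
The split the commit message above describes, as an added Go example that is not code from this PR or from the project: the API base comes from the environment variable (validated before use), while links shown in PR replies come from a separate constant so the in-cluster name never reaches users. The function names, the `publicTrustyURL` value and the public link path layout are assumptions; only the variable name, the default `http://pi.pi:8000` and the `/pi/v1/report` query come from this page.

```go
package main

import (
	"fmt"
	"net/url"
	"os"
	"strings"
)

// Variable name as it appears in the helm output on this page.
const trustyEndpointEnv = "MEDIATOR_UNSTABLE_TRUSTY_ENDPOINT"

// Placeholder (assumption): the real prod/staging constants are not on this page.
const publicTrustyURL = "https://trusty.example.invalid"

// apiBase picks the API endpoint (env var when set, otherwise def) and rejects
// anything that is not an absolute http(s) URL with a host.
func apiBase(getenv func(string) string, def string) (*url.URL, error) {
	raw := getenv(trustyEndpointEnv)
	if raw == "" {
		raw = def
	}
	u, err := url.Parse(raw)
	if err != nil || (u.Scheme != "http" && u.Scheme != "https") || u.Host == "" {
		return nil, fmt.Errorf("%s: want absolute http(s) URL, got %q", trustyEndpointEnv, raw)
	}
	return u, nil
}

// reportURL builds the API request used in the in-cluster curl test.
func reportURL(base *url.URL, name, pkgType string) string {
	u := *base
	u.Path = strings.TrimRight(base.Path, "/") + "/pi/v1/report"
	u.RawQuery = url.Values{"package_name": {name}, "package_type": {pkgType}}.Encode()
	return u.String()
}

// publicLink builds the URL shown in PR replies. It never reads the API base,
// so a cluster-internal name cannot leak. The path layout is hypothetical.
func publicLink(name, pkgType string) string {
	return publicTrustyURL + "/" + url.PathEscape(pkgType) + "/" + url.PathEscape(name)
}

func main() {
	base, err := apiBase(os.Getenv, "http://pi.pi:8000")
	if err != nil {
		panic(err)
	}
	fmt.Println(reportURL(base, "urllib3", "pypi"), publicLink("urllib3", "pypi"))
}
```
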
@evankanderson evankanderson mentioned this pull request Nov 6, 2023